The World Anti-Doping Agency (WADA) and the United States Anti-Doping Agency (USADA) have been hacked for the second time by the cyber-espionage group that calls itself the “Fancy Bears Hack Team”. The most recent attack involved confidential emails and personal details of several senior anti-doping officials.
It is becoming increasingly clear that WADA and USADA can not be trusted to protect the confidential data of famous top-level athletes. WADA has been under heavy criticism after Fancy Bears exposed the confidential medical data of around 100 Olympic and Paralympic athletes in September 2016; specifically, the first hack exposed the medical diagnoses of athletes who were granted a therapeutic use exemption (TUE) to use otherwise prohibited medications. The latest hack included confidential information like the home phone number of WADA President Craig Reedie along with the private email correspondences of high-ranking USADA members
The USADA email correspondences involve the discussions about rumors of cocaine use by some American athletes competing in the 2016 Rio Olympics; rumors about a non-American athlete who may have had a blood transfusion; discussion about whether or not unusual blood test values were correct or not; and questions about a long-list of medications and vitamins listed by an American athlete before an out-of-competition test (e.g. Advair, Synthroid, vitamin D, Allegra, Cytomel, Singulair and Tylenol).
The Fancy Bears Hack Team did not openly post the hacked data on its website as it did with the September 2016 hack. But it did offer to release the data to journalists who were interested in the corruption of anti-doping officials.
“We keep on fighting for clean sport! We’ve got thousands of #WADA’s classified documents exposing how awfully corrupt sports officials are,” the Fancy Bear Hack Team said in a statement posted on Facebook. “Now, we are ready to share them with journalists standing for clean sport! Get in in touch with us.”
WADA and USADA predictably did not accept responsibility for its failure to safeguard such important information. Instead, WADA release a statement attempting to minimize the significance of the leaked information. WADA claimed the news was only intended as a distraction from the “real issue”. According to WADA, the “real issue” is its claim that a state-sponsored doping program exists in Russia.
“The criminal leak of this information – which is regular correspondence on anti-doping operational matters from Wada staff – illustrates nothing new and is once again part of a continued effort to discredit Wada and the broader anti-doping system,” according to WADA. “Furthermore, this activity is part of an attempt to distract from the real issue: the serious breaches to world anti-doping rules that were evidenced in the McLaren report.”
USADA spokesperson Ryan Madden was also dismissive of the news of hacked USADA emails. Madden didn’t even consider it news at all. Instead, he characterized it as “fake news”.
“While in a lot of ways these emails only further demonstrate the high standard to which athletes in the US are held, what is concerning to us – as well as anyone else who truly values the spirit of Olympism – is the clear and malicious violation of athletes’ rights,” according to USADA spokesperson Madden.
“What we hope doesn’t get lost in the headlines is that these athletes have done everything asked of them, have been held to the highest standard and are now being forced to watch as a cyber-espionage group attempts to create fake news.”
The news of the breach couldn’t be further from “fake news”. It is highly newsworthy. It is WADA and USADA who are doing its best to distract the public from the real story. Rather than involving any wrongdoing by athletes, the topic is WADA’s and USADA’s operational security failures that have allowed highly-sensitive and confidential athlete medical information to be released to the general public.
It goes far beyond the release of data involving athlete medical conditions, medications and TUEs. WADA and UsAD require that top-level athletes provide detailed “whereabouts” on their physical location every day throughout the year. These athletes must give anti-doping organizations an exact address and location where they can be found for a one hour period for each and every day. The requirement represents a significant invasion of privacy in the name of protecting clean athletes.
If WADA and USADA can not be trusted to safeguard this information with proper operational security, the whereabouts location data could end up in the hands of the general public. The whole world would then know exactly where these athletes live. They will known where they train. They will know when and where they travel. They will know exactly how to find these athletes. And they will know the perfect guise to approach these athletes if they have malicious intent.
Rather than WADA and USADA protecting famous top-level athletes from anything at all, their sloppy OPSEC could place the athletes in direct physical harm.
Let this article serve as a warning to athletes who willing give up confidential information without holding the anti-doping agencies accountable for securing it.